Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cronjob SSL problem

Discussion in 'Security' started by Nick Laenen, Sep 11, 2017.

Tags:
  1. Nick Laenen

    Nick Laenen Registered

    Joined:
    Sep 11, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    cPanel Access Level:
    Root Administrator
    Dear friends,

    I've got a problem with my cronjobs connecting to an SSL page using wget / curl and can't figure out the problem. The website is running without any problems with the SSL certificate.

    When trying to run a cronjob to an SSL secured page I get the error:

    Code:
    OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol Unable to establish SSL connection.
    So I checked SSH OpenSSL connection to port 443:
    Code:
    CONNECTED(00000003)
    139924839712584:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:769:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 7 bytes and written 247 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    
    When I try Curl:
    Code:
    * About to connect() to www.example.nl port 443 (#0)
    *   Trying 2a01:7c8:abc9:3d5::1... connected
    * Connected to www.server.nl (2a01:7c8:abc9:3d5::1) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * NSS error -12263
    * Closing connection #0
    * SSL connect error
    curl: (35) SSL connect error
    The same with the hostname url:
    Code:
    * About to connect() to server.server.nl port 443 (#0)
    *   Trying 149.999.189.86... connected
    * Connected to server.laenenmusic.nl (149.999.189.86) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    * Server certificate:
    *       subject: CN=server.server.nl,OU=PositiveSSL,OU=Domain Control Validated
    ETC
    
    There is a difference between the two ip adresses (IPv4 and IPv6) but the connection is OK.

    Does anybody have a idea why this error showing up?
     
    #1 Nick Laenen, Sep 11, 2017
    Last edited by a moderator: Sep 11, 2017
  2. fuzzylogic

    fuzzylogic Well-Known Member

    Joined:
    Nov 8, 2014
    Messages:
    50
    Likes Received:
    23
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    I had a problem with similar symptoms about a week ago.
    I noticed it when calls to WordPress update server (also wget https) were failing with the same error.
    While I cant say exactly how the issue is caused, I suspected it may be with the bind server.
    My bind was set up as a caching nameserver and I suspected problem with cached dns lookups
    I ran the cmd...
    Code:
    rndc flush
    to flush the cache.
    Then restarted bind with the cmd...
    Code:
    /usr/local/cpanel/scripts/restartsrv_named
    or use the WHM interface to do the restart.

    After these actions the https wget requests started succeeding again.
    Maybe the restart of named may have been enough (I cant reproduce the issue once its fixed so I cant test that.)
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,220
    Likes Received:
    1,376
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Can you verify if the information in the previous post helps?

    Thank you.
     
  4. Nick Laenen

    Nick Laenen Registered

    Joined:
    Sep 11, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    cPanel Access Level:
    Root Administrator
    Thanks Fuzzy for you answer, I tried what did help you but without success....

    When I use:

    Code:
    rndc flush
    The respons is:

    WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)

    Maybe this is part of the problem... I don't know. I forgot to mention, but the problem started when we updated from EasyApache3 to EasyApache4.

    Any Idea how to solve the warning?

    Thanks
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,220
    Likes Received:
    1,376
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello Nick,

    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     
Loading...

Share This Page